“The threat actor leveraged CVE-2024-38112 to execute malicious code by abusing the MHTML protocol handler and x-usc directives through internet shortcut (URL) files. Using this technique, the threat actor was able to access and run files directly through the disabled Internet Explorer instance on Windows machines,” Trend Micro researchers noted.
Which Windows machines still have remnants of Internet Explorer on them? Do Windows 11 machines still include a disabled Internet Explorer or core components of Internet Explorer?
I’m gonna say yes. MS are as bad of packrats as anyone else, and every time we look there’s some crusty old stuff in there.
Microsoft is up there in the ranks of ancient spaghetti coders.
To be fair, they’re kind of held hostage by users’ long-held expectations of backwards compatibility, and they have made progress over the last few years. No doubt there’s nasty stuff in there still, and recent revelations about the Solar Winds hack show Microsoft has a culture of prioritizing immediate profit over security.
What in the world? That thumbnail looks almost identical to a windows logo I made in 3DS Max like 20 years ago. Trippy!
